ESET researchers have discovered a link between the Tesco Bank breach and the Retefe malware. The Retefe trojan horse goes after users’ online banking credentials, which can be then misused to conduct fraudulent transactions. Thousands more could be at risk as there is quite a lengthy list of other banks located in many other countries in this malware’s crosshairs. Jonathan Sander, VP of Product Strategy at Lieberman Software commented below.
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“The Retefe malware, suspected as the main culprit in the Tesco attack, is a perfect example of the thorough, professional attacks hitting the internet today. Retefe thinks of everything. It targets many banks other than Tesco. It makes the fake website appear secure to relax the user expecting to see “https” and the browser’s indication that things are good. Retefe even has a mobile component to take over codes sent to your phone. Too many people still think the bad guys are loners in basements. But when there is profit motive, it’s more likely that the bad guys are calculating, patient pros who can be recognized by the high quality of their work like Retefe.
The reason Retefe malware and others like it are so dangerous is that they completely compromise one end of a secure communication. If you and I talk on the phone, only one of our phones needs to be bugged for the bad guy to capture both sides of our conversation. If the bad guy owns your machine, you can put all the security you want on the server and it won’t matter. When you have the user change their password, the bad guy sees it. When you switch up the website process, the bad guy sees that too and can emulate it. The only thing that can be truly effective is a very diligent end user who knows what to look for. That means all the banks can do is offer tips on how to spot the fake sites collecting user data that the malware creates and hope the user is diligent enough to learn and watch for signs of the bad guys at work.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Chat systems such as Slack and Teams need to be…
“This is a sophisticated phishing scam that will catch out…
“Cybersecurity is increasingly complex, in part, due to the interconnected…
“Unfortunately, time and time again we see NGOs, hospitals and…
As I have always said - it is verified trust…